package com.jgp.security.shiro;


import com.alibaba.fastjson.JSON;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.boot.configurationprocessor.json.JSONObject;

import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;

/**
 * 项目   jgp-cloud-parent
 * 作者   loufei
 * 时间   2020/11/5
 */
public class RSAUtils {
    // 加密数据和秘钥的编码方式
    public static final String UTF_8 = "UTF-8";
    
    // 填充方式
    public static final String AES_ALGORITHM = "AES/CFB/PKCS5Padding";
    public static final String RSA_ALGORITHM = "RSA/ECB/PKCS1Padding";
    public static final String RSA_ALGORITHM_NOPADDING = "RSA";
    
    /**
     * Description: 解密接收数据
     *
     * @param externalPublicKey
     * @param selfPrivateKey
     * @param receivedMap
     * @throws InvalidKeyException
     * @throws NoSuchPaddingException
     * @throws NoSuchAlgorithmException
     * @throws BadPaddingException
     * @throws IllegalBlockSizeException
     * @throws UnsupportedEncodingException
     * @throws InvalidAlgorithmParameterException
     * @throws DecoderException
     * @author wh.huang  DateTime 2018年11月15日 下午5:06:42
     */
    public static String decryptReceivedData(PublicKey externalPublicKey, PrivateKey selfPrivateKey, String receiveData) throws InvalidKeyException
            , NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException,
            InvalidAlgorithmParameterException, DecoderException {
        
        @SuppressWarnings("unchecked") Map<String, String> receivedMap = (Map<String, String>) JSON.parse(receiveData);
        
        // receivedMap为请求方通过from urlencoded方式，请求过来的参数列表
        String inputSign = receivedMap.get("sign");
        
        // 用请求方提供的公钥验签，能配对sign，说明来源正确
        inputSign = decryptRSA(externalPublicKey, inputSign);
        
        // 校验sign是否一致
        String sign = sha256(receivedMap);
        if (!sign.equals(inputSign)) {
            // sign校验不通过，说明双方发送出的数据和对方收到的数据不一致
            System.out.println("input sign: " + inputSign + ", calculated sign: " + sign);
            return null;
        }
        
        // 解密请求方在发送请求时，加密data字段所用的对称加密密钥
        String key = receivedMap.get("key");
        String salt = receivedMap.get("salt");
        key = decryptRSA(selfPrivateKey, key);
        salt = decryptRSA(selfPrivateKey, salt);
        
        // 解密data数据
        String data = decryptAES(key, salt, receivedMap.get("data"));
        System.out.println("接收到的data内容：" + data);
        return data;
    }
    
    /**
     * Description: 加密数据组织示例
     *
     * @param externalPublicKey
     * @param selfPrivateKey
     * @return 加密后的待发送数据
     * @throws NoSuchAlgorithmException
     * @throws InvalidKeySpecException
     * @throws InvalidKeyException
     * @throws NoSuchPaddingException
     * @throws UnsupportedEncodingException
     * @throws BadPaddingException
     * @throws IllegalBlockSizeException
     * @throws InvalidAlgorithmParameterException
     * @author wh.huang DateTime 2018年11月15日 下午5:20:11
     */
    public static String encryptSendData(PublicKey externalPublicKey, PrivateKey selfPrivateKey, JSONObject sendData) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, NoSuchPaddingException, UnsupportedEncodingException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        
        // 随机生成对称加密的密钥和IV (IV就是加盐的概念，加密的偏移量)
        String aesKeyWithBase64 = genRandomAesSecretKey();
        String aesIVWithBase64 = genRandomIV();
        
        // 用接收方提供的公钥加密key和salt，接收方会用对应的私钥解密
        String key = encryptRSA(externalPublicKey, aesKeyWithBase64);
        String salt = encryptRSA(externalPublicKey, aesIVWithBase64);
        
        // 组织业务数据信息，并用上面生成的对称加密的密钥和IV进行加密
        System.out.println("发送的data内容：" + sendData.toString());
        String cipherData = encryptAES(aesKeyWithBase64, aesIVWithBase64, sendData.toString());
        
        // 组织请求的key、value对
        Map<String, String> requestMap = new TreeMap<String, String>();
        requestMap.put("key", key);
        requestMap.put("salt", salt);
        requestMap.put("data", cipherData);
        requestMap.put("source", "由接收方提供"); // 添加来源标识
        
        // 计算sign，并用请求方的私钥加签，接收方会用请求方发放的公钥验签
        String sign = sha256(requestMap);
        requestMap.put("sign", encryptRSA(selfPrivateKey, sign));
        
        // TODO: 以form urlencoded方式调用，参数为上面组织出来的requestMap
        
        // 注意：请务必以form urlencoded方式，否则base64转码后的个别字符可能会被转成空格，对方接收后将无法正常处理
        JSONObject json = new JSONObject(requestMap);
        return json.toString();
    }
    
    /**
     * Description: 获取随机的对称加密的密钥
     *
     * @return 对称秘钥字符
     * @throws NoSuchAlgorithmException
     * @throws UnsupportedEncodingException
     * @throws IllegalBlockSizeException
     * @throws BadPaddingException
     * @throws InvalidKeyException
     * @throws NoSuchPaddingException
     * @author wh.huang  DateTime 2018年11月15日 下午5:25:53
     */
    private static String genRandomAesSecretKey() throws NoSuchAlgorithmException, UnsupportedEncodingException, IllegalBlockSizeException,
            BadPaddingException, InvalidKeyException, NoSuchPaddingException {
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        SecretKey secretKey = keyGen.generateKey();
        String keyWithBase64 = Base64.encodeBase64(secretKey.getEncoded()).toString();
        
        return keyWithBase64;
        
    }
    
    private static String genRandomIV() {
        SecureRandom r = new SecureRandom();
        byte[] iv = new byte[16];
        r.nextBytes(iv);
        String ivParam = Base64.encodeBase64(iv) + "";
        return ivParam;
    }
    
    /**
     * 对称加密数据
     *
     * @param keyWithBase64
     * @param aesIVWithBase64
     * @param plainText
     * @return
     * @throws NoSuchAlgorithmException
     * @throws NoSuchPaddingException
     * @throws InvalidKeyException
     * @throws IllegalBlockSizeException
     * @throws BadPaddingException
     * @throws UnsupportedEncodingException
     * @throws InvalidAlgorithmParameterException
     */
    private static String encryptAES(String keyWithBase64, String ivWithBase64, String plainText) throws NoSuchAlgorithmException,
            NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException,
            InvalidAlgorithmParameterException {
        byte[] keyWithBase64Arry = keyWithBase64.getBytes();
        byte[] ivWithBase64Arry = ivWithBase64.getBytes();
        SecretKeySpec key = new SecretKeySpec(Base64.decodeBase64(keyWithBase64Arry), "AES");
        IvParameterSpec iv = new IvParameterSpec(Base64.decodeBase64(ivWithBase64Arry));
        
        Cipher cipher = Cipher.getInstance(AES_ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, key, iv);
        
        return Base64.encodeBase64(cipher.doFinal(plainText.getBytes(UTF_8))).toString();
    }
    
    /**
     * 对称解密数据
     *
     * @param keyWithBase64
     * @param cipherText
     * @return
     * @throws NoSuchAlgorithmException
     * @throws NoSuchPaddingException
     * @throws InvalidKeyException
     * @throws IllegalBlockSizeException
     * @throws BadPaddingException
     * @throws UnsupportedEncodingException
     * @throws InvalidAlgorithmParameterException
     */
    private static String decryptAES(String keyWithBase64, String ivWithBase64, String cipherText) throws NoSuchAlgorithmException,
            NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException,
            InvalidAlgorithmParameterException {
        byte[] keyWithBase64Arry = keyWithBase64.getBytes();
        byte[] ivWithBase64Arry = ivWithBase64.getBytes();
        byte[] cipherTextArry = cipherText.getBytes();
        SecretKeySpec key = new SecretKeySpec(Base64.decodeBase64(keyWithBase64Arry), "AES");
        IvParameterSpec iv = new IvParameterSpec(Base64.decodeBase64(ivWithBase64Arry));
        
        Cipher cipher = Cipher.getInstance(AES_ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, key, iv);
        return new String(cipher.doFinal(Base64.decodeBase64(cipherTextArry)), UTF_8);
    }
    
    /**
     * 非对称加密，根据公钥和原始内容产生加密内容
     *
     * @param key
     * @param content
     * @return
     * @throws NoSuchPaddingException
     * @throws NoSuchAlgorithmException
     * @throws InvalidKeyException
     * @throws UnsupportedEncodingException
     * @throws BadPaddingException
     * @throws IllegalBlockSizeException
     * @throws InvalidAlgorithmParameterException
     */
    private static String encryptRSA(Key key, String plainText) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
            UnsupportedEncodingException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return Base64.encodeBase64(cipher.doFinal(plainText.getBytes(UTF_8))).toString();
    }
    
    /**
     * 根据私钥和加密内容产生原始内容
     *
     * @param key
     * @param content
     * @return
     * @throws NoSuchPaddingException
     * @throws NoSuchAlgorithmException
     * @throws InvalidKeyException
     * @throws DecoderException
     * @throws BadPaddingException
     * @throws IllegalBlockSizeException
     * @throws UnsupportedEncodingException
     * @throws InvalidAlgorithmParameterException
     */
    private static String decryptRSA(Key key, String content) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
            DecoderException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException, InvalidAlgorithmParameterException {
        Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] contentArry = content.getBytes();
        return new String(cipher.doFinal(Base64.decodeBase64(contentArry)), UTF_8);
    }
    
    /**
     * 计算sha256值
     *
     * @param paramMap
     * @return 签名后的所有数据，原始数据+签名
     */
    private static String sha256(Map<String, String> paramMap) {
        Map<String, String> params = new TreeMap<String, String>(paramMap);
        
        StringBuilder concatStr = new StringBuilder();
        for (Map.Entry<String, String> entry : params.entrySet()) {
            if ("sign".equals(entry.getKey())) {
                continue;
            }
            concatStr.append(entry.getKey() + "=" + entry.getValue() + "&");
        }
        
        return DigestUtils.md5Hex(concatStr.toString());
    }
    
    /**
     * 创建RSA的公钥和私钥示例 将生成的公钥和私钥用Base64编码后打印出来
     *
     * @throws NoSuchAlgorithmException
     */
    public static Map<String, String> createKeyPairs() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        System.out.println("公钥" + Base64.encodeBase64(publicKey.getEncoded()));
        System.out.println("私钥" + Base64.encodeBase64(privateKey.getEncoded()));
        Map<String, String> pairs = new HashMap<>();
        pairs.put("publicKey", new String(Base64.encodeBase64(publicKey.getEncoded())));
        pairs.put("privateKey", new String(Base64.encodeBase64(privateKey.getEncoded())));
        return pairs;
    }
    
    /**
     * Description:默认的RSA解密方法 一般用来解密 参数 小数据
     *
     * @param privateKeyStr
     * @param data
     * @return
     * @throws NoSuchAlgorithmException
     * @throws InvalidKeySpecException
     * @throws NoSuchPaddingException
     * @throws InvalidKeyException
     * @throws IllegalBlockSizeException
     * @throws BadPaddingException
     * @author wh.huang  DateTime 2018年12月14日 下午3:43:11
     */
    public static String decryptRSADefault(String privateKeyStr, String data) throws NoSuchAlgorithmException, InvalidKeySpecException,
            NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
        KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM_NOPADDING);
        byte[] privateKeyArray = privateKeyStr.getBytes();
        byte[] dataArray = data.getBytes();
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyArray));
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
        
        Cipher cipher = Cipher.getInstance(RSA_ALGORITHM_NOPADDING);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return new String(cipher.doFinal(Base64.decodeBase64(dataArray)), UTF_8);
    }
    
    public static void main(String[] args) throws NoSuchPaddingException, UnsupportedEncodingException, NoSuchAlgorithmException,
            IllegalBlockSizeException, BadPaddingException, InvalidKeyException, InvalidKeySpecException {
        Map<String,String> pairs = createKeyPairs();
        System.out.println(pairs.get("privateKey"));
        System.out.println(pairs.get("publicKey"));
        
        String privateKey = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQClHCsgp+8xLA9qBcqxvxmgcuuFXbd4hY/atSXGgemPia97843fVoGQ98y7j5orzk17d3B8noJKAeJF3DWPHbuI8cCkyq0qng3wONlJtBmpQoCverd8ypZbWmGgwFSgW58IbhPNqKgIrrGCsaMc+zBQc9dxgip3AmFU5HRwP/gbzTVFESAygbYoeQ7owwNvm6Iro8vJ9ye1eHUFPu4uR0XjIOc8ByWbTZJ7RJ+nhP7VbgxZrjQqhc9aa/8f7iZJxTPGxz5RJdx52dI/UeuhxSe21E4i4RBx6HOvqXYS9kblunV2BeX3mZG8M96FG/STTwVldwlGNt5mcxbJKnhn4Yo5AgMBAAECggEADk1jWv/RE3RanXeE+GKyaJir2DCnDPSc4nggnpJwVfO6VMVjO751mMYuYOzukO7c/V36S4E7jgedvyl1JkGQFivC4UOBPpjUYkO6Zs0IEAZnuUurC09NOPqaTF98tStamlNWudDrRV1EmSqkE4WayM1QE1AQN6DoJ39mqraP2nCHQt7mLgvxAZq6sUR1Yuwa54Z3OgDzO5hEKhKb5SAy60iUJgokfOegu6niWa8cDMfujMtbdb5gN3rr6ZUqJiSm2QD1ro/OvgkD3y20frHXNJWu99VErTS0fFuslFWP0FDLdRFToAyWx3Ml0YEox2/kC8HHJeby03nnzvdLs5YY5QKBgQDrkEKB2qPSvzgQPcYOiRueLMhKiLjkpId4w28866x0TmSrK7Ej+vXUj6TtfBKkIHw/yHRtk89NycAFQTOy0n9H7iebFAIKjydUN7uHteb6UAsRm661GtBshVg9p0JKx2iDyHe4+bS3ClCMqimLlD1QDVotD1qdOOITh/IBOxcD9wKBgQCzbyyjQs1hpoD4WtlNfk9pbdzecYf6+yNpXq6Ms2GXkWvEWxbON35QVAjD0i84k04XkkRchcPPiiB7W6LJ5c7fdfdQpdOg85d8LArtthm0zOJrUAkpq4nFAltHe1gqki9SaUrdKHQJRoWaERspnLA86dH2hMdjYqeMCAlP26z3TwKBgDpKKzrouGsY6C2Uq6LDKLNeT32qEV56nA81BRylELqC/4QfvqixnA0qMlyVvCMi6rv5xV2sGrsb9kkWlk1kqxxIgUJtlAe63reHRv9Q8sPz9Jk51eR4qyR/ZpNzBQNuDp21iHKcT6yPf9ke7kLcvsNFWpAV4Y1QGxlMJYVKcuqHAoGADgo86+lmOKXWoZg6OJ4RiKZYCe/IPBM6ihwmfEvs7vcp/4tBFZGyCIcKyIfBuiOMkLuZLcQptiuQrxZUfofE0Cdi2qSfEpD84XJwyHjfOg5uCQeSL/iEJy4wBj/YfjxCB6jFetiXe8JQ4eVEwtTH1XxWOXvaPiSSB5r5X45I0nECgYEAoqB7bB/h5i3zi3GGdeE2WyHNYNllRdr4gVbabqaCsQK1RctZTpkxuLRni4GQN2JLjcrdeMM1/s1bpCWLp22DnqCSEBJ4lHs4W/ALx2xwv9vZTxnd6Ae1xDTM+SlfFwoX/fQxDcTQk4i+cCZsL3Gf3H4mG6jtM7k/CjpvDWtFS1A=";
        String nbxh = decryptRSADefault(privateKey,"jyRuNESX5vEKfEdMuvkc9HJ9fcn/IDyEyayCg7MQRvRA8KqM5VeET5koX2kiaGfHk+xXftVrdZG/+hGlMW4PI7oUohnPVEz03qH1mQdkRcKUEWps+K/v0ffrLbs8e+JQ1asZNhTAKmIHo7+z6ehlGboTN5gahj6LILCuJ7XK3MPKOp3NAuO1QO8U+k5zyCnqXAa5I1FjlRAjK47fwqIrrUK2/dfPlBnoa2ZOPKBwvqLvHG5L1HVncBEgst2FLwYUoDLyhTagS2cCk7FQfGpdNpQLishSBzHzATEaLBdyfJ+armAtvfF0P54T7AmFqxXojldL0QnHNhiUeKnoXCyoxg=");
        System.out.println(nbxh);
    }
}
